Merge branch '4.8.0' into merge-4.8.0-into-4.8.1

2023-12-20 18:38:18 +01:00 · 2023-12-20 18:38:18 +01:00 · d4703d2615
commit d4703d2615
parent db59983bd8 a10380836c
6 changed files with 53 additions and 98 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,12 @@ All notable changes to this project will be documented in this file.

 - Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)

+## [v4.7.2]
+
+### Added
+
+- Update to [Wazuh v4.7.2](https://github.com/wazuh/wazuh/blob/v4.7.2/CHANGELOG.md#v472)
+
 ## [v4.7.1]

 ### Added
--- a/README.md
+++ b/README.md
@ -18,6 +18,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 |---------------|---------|--------|
 | v4.8.1        |         |        |
 | v4.8.0        |         |        |
+| v4.7.2        |         |        |
 | v4.7.1        |         |        |
 | v4.7.0        |         |        |
 | v4.6.0        |         |        |
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@ -6,9 +6,9 @@ wazuh_template_branch: v4.8.1
 filebeat_node_name: node-1

 filebeat_output_indexer_hosts:
-  - "localhost:9200"
+  - "localhost"

-filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz
+filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz
 filebeat_module_package_path: /tmp/
 filebeat_module_destination: /usr/share/filebeat/module
 filebeat_module_folder: /usr/share/filebeat/module/wazuh
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@ -116,11 +116,13 @@
    <rootkit_trojans>{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    {% endif %}
    <skip_nfs>yes</skip_nfs>
+    {% endif %}
    {% if ansible_os_family == "Windows" %}
    <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
    <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
    {% endif %}

+
  </rootcheck>
  {% endif %}

@ -273,7 +275,6 @@
    {% endfor %}
    {% endif %}
    {% endif %}
-    {% endif %}

    <!-- Directories to check  (perform all possible verifications) -->
    {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %}
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -144,69 +144,22 @@ wazuh_manager_sca:
  time: ''

 ## Vulnerability Detector
-wazuh_manager_vulnerability_detector:
-  enabled: 'no'
-  interval: '5m'
-  min_full_scan_interval: '6h'
-  run_on_start: 'yes'
-  providers:
-    - enabled: 'no'
-      os:
-        - 'trusty'
-        - 'xenial'
-        - 'bionic'
-        - 'focal'
-        - 'jammy'
-      update_interval: '1h'
-      name: '"canonical"'
-    - enabled: 'no'
-      os:
-        - 'buster'
-        - 'bullseye'
-        - 'bookworm'
-      update_interval: '1h'
-      name: '"debian"'
-    - enabled: 'no'
-      os:
-        - '5'
-        - '6'
-        - '7'
-        - '8'
-        - '9'
-      update_interval: '1h'
-      name: '"redhat"'
-    - enabled: 'no'
-      os:
-        - '8'
-        - '9'
-      update_interval: '1h'
-      name: '"almalinux"'
-    - enabled: 'no'
-      os:
-        - 'amazon-linux'
-        - 'amazon-linux-2'
-        - 'amazon-linux-2023'
-      update_interval: '1h'
-      name: '"alas"'
-    - enabled: 'no'
-      os:
-        - '11-server'
-        - '11-desktop'
-        - '12-server'
-        - '12-desktop'
-        - '15-server'
-        - '15-desktop'
-      update_interval: '1h'
-      name: '"suse"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"arch"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"msu"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"nvd"'
+filebeat_node_name: node-1
+filebeat_output_indexer_hosts:
+  - "localhost"
+filebeat_output_indexer_port: 9200
+indexer_security_user: admin
+indexer_security_password: changeme
+filebeat_ssl_dir: /etc/pki/filebeat
+
+wazuh_manager_vulnerability_detection:
+  enabled: 'yes'
+  indexer_status: 'yes'
+  feed_update_interval: '60m'
+
+wazuh_manager_indexer:
+  enabled: 'yes'
+  hosts: "{{ filebeat_output_indexer_hosts }}"

 ## Syscheck
 wazuh_manager_syscheck:
@ -448,7 +401,8 @@ wazuh_manager_config_defaults:
  osquery: '{{ wazuh_manager_osquery }}'
  syscollector: '{{ wazuh_manager_syscollector }}'
  sca: '{{ wazuh_manager_sca }}'
-  vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
+  vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}'
+  indexer: '{{ wazuh_manager_indexer }}'
  log_level: '{{ wazuh_manager_log_level }}'
  email_level: '{{ wazuh_manager_email_level }}'
  localfiles: '{{ wazuh_manager_localfiles }}'
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@ -258,37 +258,30 @@
  {% endif %}
  </sca>

-  <vulnerability-detector>
-  {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
-    <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
-  {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
-    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
-  {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %}
-    <min_full_scan_interval>{{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}</min_full_scan_interval>
-  {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
-    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
-  {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
-  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-    <provider name={{ provider_.name }}>
-      {% if provider_.enabled is defined %}
-      <enabled>{{ provider_.enabled }}</enabled>
-      {% endif %}
-      {% if provider_.os is defined %}
-      {% for os_ in provider_.os %}
-      <os>{{ os_ }}</os>
+  <vulnerability-detection>
+    <enabled>{{ wazuh_manager_config.vulnerability_detection.enabled }}</enabled>
+    <indexer-status>{{ wazuh_manager_config.vulnerability_detection.indexer_status }}</indexer-status>
+    <feed-update-interval>{{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}</feed-update-interval>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
+    <hosts>
+    {% for item in wazuh_manager_config.indexer.hosts %} 
+      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host> 
    {% endfor %} 
-      {% endif %}
-      {% if provider_.update_interval is defined %}
-      <update_interval>{{ provider_.update_interval }}</update_interval>
-      {% endif %}
-    </provider>
-  {% endfor %}
-  {% endif %}
-  </vulnerability-detector>
+    </hosts>
+
+    <username>{{ indexer_security_user }}</username> 
+    <password>{{ indexer_security_password }}</password> 
+    <ssl> 
+      <certificate_authorities> 
+        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca> 
+      </certificate_authorities> 
+      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate> 
+      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key> 
+    </ssl> 
+  </indexer>

  <!-- File integrity monitoring -->
  <syscheck>